On a normal site that's Cloudflare'd, if there is a login form, your password will be visible in plaintext as the data is decrypted by Cloudflare since their reverse-proxying service is effectively a MitM. This poses a minor OpSec issue if your threat model includes Cloudflare as a threat actor. But, what's cool is if the site has a Nostr login, you don't need to worry about this type of possible attack vector. Nostr is the future of the interoperable and open web.


Discussion

Cloudflare is increasingly an internet central chokepoint. If NSA is not grabbing data through it already, they very soon will be. They love these.

Yes, I think I read something like 19% of the whole internet is routed through Cloudflare.

My working assumption is that companies like this don't grow organically; they are given assistance by our friends over at the NSA and become yet another front for them.